github - ghsa-gqg7-c937-vcqh

ghsa-gqg7-c937-vcqh

Vulnerability from github

Published

2025-09-18 15:30

Modified

2025-09-18 15:30

Details

In the Linux kernel, the following vulnerability has been resolved:

tracing: Free error logs of tracing instances

When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak:

# cd /sys/kernel/tracing # mkdir instances/foo # echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger # cat instances/foo/error_log [ 117.404795] hist:sched:sched_switch: error: Couldn't find field Command: hist:keys=x ^ # rmdir instances/foo

Then check for memory leaks:

# echo scan > /sys/kernel/debug/kmemleak # cat /sys/kernel/debug/kmemleak unreferenced object 0xffff88810d8ec700 (size 192): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff .ha.....ha.... a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00 .0......&....... backtrace: [<00000000dae26536>] kmalloc_trace+0x2a/0xa0 [<00000000b2938940>] tracing_log_err+0x277/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc unreferenced object 0xffff888170c35a00 (size 32): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74 . Command: hist 3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00 :keys=x......... backtrace: [<000000006a747de5>] __kmalloc+0x4d/0x160 [<000000000039df5f>] tracing_log_err+0x29b/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc

The problem is that the error log needs to be freed when the instance is removed.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-53375"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T14:15:40Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Free error logs of tracing instances\n\nWhen a tracing instance is removed, the error messages that hold errors\nthat occurred in the instance needs to be freed. The following reports a\nmemory leak:\n\n # cd /sys/kernel/tracing\n # mkdir instances/foo\n # echo \u0027hist:keys=x\u0027 \u003e instances/foo/events/sched/sched_switch/trigger\n # cat instances/foo/error_log\n [  117.404795] hist:sched:sched_switch: error: Couldn\u0027t find field\n   Command: hist:keys=x\n                      ^\n # rmdir instances/foo\n\nThen check for memory leaks:\n\n # echo scan \u003e /sys/kernel/debug/kmemleak\n # cat /sys/kernel/debug/kmemleak\nunreferenced object 0xffff88810d8ec700 (size 192):\n  comm \"bash\", pid 869, jiffies 4294950577 (age 215.752s)\n  hex dump (first 32 bytes):\n    60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff  `.ha....`.ha....\n    a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00  .0......\u0026.......\n  backtrace:\n    [\u003c00000000dae26536\u003e] kmalloc_trace+0x2a/0xa0\n    [\u003c00000000b2938940\u003e] tracing_log_err+0x277/0x2e0\n    [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\n    [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\n    [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\n    [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\n    [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\n    [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\n    [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\n    [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\n    [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\nunreferenced object 0xffff888170c35a00 (size 32):\n  comm \"bash\", pid 869, jiffies 4294950577 (age 215.752s)\n  hex dump (first 32 bytes):\n    0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74  .  Command: hist\n    3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00  :keys=x.........\n  backtrace:\n    [\u003c000000006a747de5\u003e] __kmalloc+0x4d/0x160\n    [\u003c000000000039df5f\u003e] tracing_log_err+0x29b/0x2e0\n    [\u003c000000004a0e1b07\u003e] parse_atom+0x966/0xb40\n    [\u003c0000000023b24337\u003e] parse_expr+0x5f3/0xdb0\n    [\u003c00000000594ad074\u003e] event_hist_trigger_parse+0x27f8/0x3560\n    [\u003c00000000293a9645\u003e] trigger_process_regex+0x135/0x1a0\n    [\u003c000000005c22b4f2\u003e] event_trigger_write+0x87/0xf0\n    [\u003c000000002cadc509\u003e] vfs_write+0x162/0x670\n    [\u003c0000000059c3b9be\u003e] ksys_write+0xca/0x170\n    [\u003c00000000f1cddc00\u003e] do_syscall_64+0x3e/0xc0\n    [\u003c00000000868ac68c\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThe problem is that the error log needs to be freed when the instance is\nremoved.",
  "id": "GHSA-gqg7-c937-vcqh",
  "modified": "2025-09-18T15:30:34Z",
  "published": "2025-09-18T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53375"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3357c6e429643231e60447b52ffbb7ac895aca22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46771c34d6721abfd9e7903eaed2201051eebec6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/987f599fc556a4e64c405d8dde32c70311e8c278"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2023-53375 (GCVE-0-2023-53375)

Vulnerability from cvelistv5

Published

2025-09-18 13:33

Modified

2025-09-18 13:33

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: tracing: Free error logs of tracing instances When a tracing instance is removed, the error messages that hold errors that occurred in the instance needs to be freed. The following reports a memory leak: # cd /sys/kernel/tracing # mkdir instances/foo # echo 'hist:keys=x' > instances/foo/events/sched/sched_switch/trigger # cat instances/foo/error_log [ 117.404795] hist:sched:sched_switch: error: Couldn't find field Command: hist:keys=x ^ # rmdir instances/foo Then check for memory leaks: # echo scan > /sys/kernel/debug/kmemleak # cat /sys/kernel/debug/kmemleak unreferenced object 0xffff88810d8ec700 (size 192): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 60 dd 68 61 81 88 ff ff 60 dd 68 61 81 88 ff ff `.ha....`.ha.... a0 30 8c 83 ff ff ff ff 26 00 0a 00 00 00 00 00 .0......&....... backtrace: [<00000000dae26536>] kmalloc_trace+0x2a/0xa0 [<00000000b2938940>] tracing_log_err+0x277/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc unreferenced object 0xffff888170c35a00 (size 32): comm "bash", pid 869, jiffies 4294950577 (age 215.752s) hex dump (first 32 bytes): 0a 20 20 43 6f 6d 6d 61 6e 64 3a 20 68 69 73 74 . Command: hist 3a 6b 65 79 73 3d 78 0a 00 00 00 00 00 00 00 00 :keys=x......... backtrace: [<000000006a747de5>] __kmalloc+0x4d/0x160 [<000000000039df5f>] tracing_log_err+0x29b/0x2e0 [<000000004a0e1b07>] parse_atom+0x966/0xb40 [<0000000023b24337>] parse_expr+0x5f3/0xdb0 [<00000000594ad074>] event_hist_trigger_parse+0x27f8/0x3560 [<00000000293a9645>] trigger_process_regex+0x135/0x1a0 [<000000005c22b4f2>] event_trigger_write+0x87/0xf0 [<000000002cadc509>] vfs_write+0x162/0x670 [<0000000059c3b9be>] ksys_write+0xca/0x170 [<00000000f1cddc00>] do_syscall_64+0x3e/0xc0 [<00000000868ac68c>] entry_SYSCALL_64_after_hwframe+0x72/0xdc The problem is that the error log needs to be freed when the instance is removed.

References

URL

Tags

	https://git.kernel.org/stable/c/987f599fc556a4e64c405d8dde32c70311e8c278
	https://git.kernel.org/stable/c/6e36373aa5ffa8e00fe7c71b3209f6f17081e552
	https://git.kernel.org/stable/c/33d5d4e67a0e13c3ca6257fa67bf6503bc000878
	https://git.kernel.org/stable/c/c0cf0f55be043ef67c38f492aa37ed1986d2f6b6
	https://git.kernel.org/stable/c/46771c34d6721abfd9e7903eaed2201051eebec6
	https://git.kernel.org/stable/c/3357c6e429643231e60447b52ffbb7ac895aca22

Impacted products

Vendor

Product

Version

Linux

Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b
Version: 2f754e771b1a6feba670782e82c45555984ac43b

Linux

Version: 5.2

Show details on NVD website